Re: [PATCH v8 14/21] mm/mmap: Avoid zeroing vma tree in mmap_region()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Am Montag, dem 14.10.2024 um 10:46 +0100 schrieb Lorenzo Stoakes:
> On Mon, Oct 14, 2024 at 12:35:59AM +0200, Bert Karwatzki wrote:
> > I created a program which can trigger the bug on newer kernel (after the
> > "Avoid zeroing vma tree in mmap_region()" patch and before the fix).
> > My original goal was to trigger the bug on older kernels,
> > but that does not work, yet.
> >
> > Bert Karwatzki
>
> Thanks, that's great!
>
> For older kernels the problem should still be present, the fundamental
> thing that changed from the point of view of this bug is that merge won't
> contribute to the number of VMAs being overwritten at once.
>
> To trigger prior to commit f8d112a4e657 ("mm/mmap: avoid zeroing vma tree
> in mmap_region()") you would need to create a situation where the _clear_
> triggers the bug, i.e. you must consistute all the VMAs that are being
> overwritten by the store from existing VMAs you are overwriting with a
> MAP_FIXED.
>
> So some tweaks should get you there...
> >

I don't think triggering the bug on a clear works, because a write of a %NULL
that will cause a node to end with a %NULL becomes a spanning write into the
next node:

/*
 * mas_is_span_wr() - Check if the write needs to be treated as a write that
 * spans the node.
 * @mas: The maple state
 * @piv: The pivot value being written
 * @type: The maple node type
 * @entry: The data to write
 *
 * Spanning writes are writes that start in one node and end in another OR if
 * the write of a %NULL will cause the node to end with a %NULL.
 *
 * Return: True if this is a spanning write, false otherwise.
 */
static bool mas_is_span_wr(struct ma_wr_state *wr_mas)
{


I think the could would trigger in this situation

              Node_0
	     /
            /
	 Node_1
         /    \
        /      \
     Node_2    Node_3

but only if Node_3 contained only two ranges, one empty range and one normal
range, and if the mmap into empty range of Node_3 would merge with the last
range of Node_2 and the last range of Node_3. But I think the rebalancing of the
tree will make it very hard if not impossible to create such a node.


Bert Karwatzki
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux